npm - @sahu-01/openpaw - Versions diffs - 1.0.0 - Mend

@sahu-01/openpaw 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/chunk-MO4EEYFW.js +38 -0
package/dist/dist-Z5EH6AMS-AR4I3RYI.js +233 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +231321 -0
package/package.json +38 -0

package/dist/chunk-MO4EEYFW.js ADDED Viewed

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __commonJS = (cb, mod) => function __require2() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+export {
+  __require,
+  __commonJS,
+  __toESM
+};

package/dist/dist-Z5EH6AMS-AR4I3RYI.js ADDED Viewed

@@ -0,0 +1,233 @@
+#!/usr/bin/env node
+import "./chunk-MO4EEYFW.js";
+// ../migrate/dist/dist-Z5EH6AMS.js
+import { randomBytes, createCipheriv, createDecipheriv, createHash } from "crypto";
+import { readFile, writeFile, unlink, stat, mkdir } from "fs/promises";
+import { join, dirname } from "path";
+import { homedir } from "os";
+import { z } from "zod";
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 12;
+var AUTH_TAG_LENGTH = 16;
+var KEY_LENGTH = 32;
+var CredentialTypeSchema = z.enum(["api_key", "oauth_token", "password", "certificate"]);
+var CredentialSchema = z.object({
+  id: z.string(),
+  service: z.string(),
+  type: CredentialTypeSchema,
+  encryptedValue: z.string(),
+  createdAt: z.string(),
+  // ISO date string for JSON serialization
+  updatedAt: z.string()
+});
+var VaultStoreSchema = z.object({
+  version: z.literal(1),
+  credentials: z.array(CredentialSchema)
+});
+function generateCredentialId(service, type) {
+  const random = randomBytes(8).toString("hex");
+  const hash = createHash("sha256").update(`${service}:${type}:${Date.now()}:${random}`).digest("hex").slice(0, 8);
+  return `cred_${service}_${type}_${hash}`;
+}
+function parseCredentialId(id) {
+  const match = id.match(/^cred_([a-zA-Z0-9]+)_(.+)_([a-f0-9]{8})$/);
+  if (!match || !match[1] || !match[2] || !match[3]) return null;
+  return {
+    service: match[1],
+    type: match[2],
+    hash: match[3]
+  };
+}
+function generateMasterKey() {
+  return randomBytes(KEY_LENGTH);
+}
+async function deriveKeyFromPassword(password, salt) {
+  const { pbkdf2 } = await import("crypto");
+  const { promisify } = await import("util");
+  const pbkdf2Async = promisify(pbkdf2);
+  const actualSalt = salt ?? randomBytes(16);
+  const key = await pbkdf2Async(password, actualSalt, 1e5, KEY_LENGTH, "sha256");
+  return { key, salt: actualSalt };
+}
+function encrypt(plaintext, key) {
+  if (key.length !== KEY_LENGTH) {
+    throw new Error(`Key must be ${KEY_LENGTH} bytes for AES-256-GCM`);
+  }
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return Buffer.concat([iv, authTag, encrypted]).toString("base64");
+}
+function encryptDetailed(plaintext, key) {
+  if (key.length !== KEY_LENGTH) {
+    throw new Error(`Key must be ${KEY_LENGTH} bytes for AES-256-GCM`);
+  }
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("base64"),
+    ciphertext: encrypted.toString("base64"),
+    tag: authTag.toString("base64")
+  };
+}
+function decrypt(ciphertext, key) {
+  if (key.length !== KEY_LENGTH) {
+    throw new Error(`Key must be ${KEY_LENGTH} bytes for AES-256-GCM`);
+  }
+  const data = Buffer.from(ciphertext, "base64");
+  if (data.length < IV_LENGTH + AUTH_TAG_LENGTH) {
+    throw new Error("Invalid ciphertext: too short");
+  }
+  const iv = data.subarray(0, IV_LENGTH);
+  const authTag = data.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+  const encrypted = data.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+  const decipher = createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+  return decipher.update(encrypted) + decipher.final("utf8");
+}
+function decryptDetailed(encResult, key) {
+  if (key.length !== KEY_LENGTH) {
+    throw new Error(`Key must be ${KEY_LENGTH} bytes for AES-256-GCM`);
+  }
+  const iv = Buffer.from(encResult.iv, "base64");
+  const authTag = Buffer.from(encResult.tag, "base64");
+  const encrypted = Buffer.from(encResult.ciphertext, "base64");
+  const decipher = createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+  return decipher.update(encrypted) + decipher.final("utf8");
+}
+async function secureWipe(filePath) {
+  const fileStats = await stat(filePath);
+  for (let i = 0; i < 3; i++) {
+    const randomData = randomBytes(fileStats.size);
+    await writeFile(filePath, randomData);
+  }
+  await unlink(filePath);
+}
+function getDefaultVaultPath() {
+  return join(homedir(), ".openpaw", "vault.json");
+}
+var Vault = class {
+  store;
+  key;
+  vaultPath;
+  constructor(key, vaultPath) {
+    if (key.length !== KEY_LENGTH) {
+      throw new Error(`Key must be ${KEY_LENGTH} bytes for AES-256-GCM`);
+    }
+    this.key = key;
+    this.vaultPath = vaultPath ?? getDefaultVaultPath();
+    this.store = { version: 1, credentials: [] };
+  }
+  /**
+   * Load vault from disk
+   */
+  async load() {
+    try {
+      const content = await readFile(this.vaultPath, "utf8");
+      const parsed = JSON.parse(content);
+      this.store = VaultStoreSchema.parse(parsed);
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        this.store = { version: 1, credentials: [] };
+      } else {
+        throw error;
+      }
+    }
+  }
+  /**
+   * Save vault to disk
+   */
+  async save() {
+    const dir = dirname(this.vaultPath);
+    await mkdir(dir, { recursive: true });
+    await writeFile(this.vaultPath, JSON.stringify(this.store, null, 2), "utf8");
+  }
+  /**
+   * Import a new credential into the vault
+   */
+  async import(service, type, value) {
+    const id = generateCredentialId(service, type);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const encryptedValue = encrypt(value, this.key);
+    const credential = {
+      id,
+      service,
+      type,
+      encryptedValue,
+      createdAt: now,
+      updatedAt: now
+    };
+    this.store.credentials.push(credential);
+    await this.save();
+    return credential;
+  }
+  /**
+   * List all credentials (without decrypted values)
+   */
+  list() {
+    return this.store.credentials.map(({ encryptedValue, ...rest }) => rest);
+  }
+  /**
+   * Get a credential by ID and decrypt its value
+   */
+  get(id) {
+    const credential = this.store.credentials.find((c) => c.id === id);
+    if (!credential) return null;
+    const value = decrypt(credential.encryptedValue, this.key);
+    return { credential, value };
+  }
+  /**
+   * Get credential by service and type
+   */
+  getByService(service, type) {
+    const credential = this.store.credentials.find(
+      (c) => c.service === service && (type === void 0 || c.type === type)
+    );
+    if (!credential) return null;
+    const value = decrypt(credential.encryptedValue, this.key);
+    return { credential, value };
+  }
+  /**
+   * Delete a credential by ID
+   */
+  async delete(id) {
+    const index = this.store.credentials.findIndex((c) => c.id === id);
+    if (index === -1) return false;
+    this.store.credentials.splice(index, 1);
+    await this.save();
+    return true;
+  }
+  /**
+   * Get the vault file path
+   */
+  getPath() {
+    return this.vaultPath;
+  }
+};
+async function createVault(key, vaultPath) {
+  const vault = new Vault(key, vaultPath);
+  await vault.load();
+  return vault;
+}
+export {
+  CredentialSchema,
+  CredentialTypeSchema,
+  Vault,
+  VaultStoreSchema,
+  createVault,
+  decrypt,
+  decryptDetailed,
+  deriveKeyFromPassword,
+  encrypt,
+  encryptDetailed,
+  generateCredentialId,
+  generateMasterKey,
+  getDefaultVaultPath,
+  parseCredentialId,
+  secureWipe
+};

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ #!/usr/bin/env node